Closed mxrch closed 2 years ago
Hm, I'm not sure. My guess is they're like refresh tokens, which don't expire but might be revoked under some circumstances.
Okay, thank you for your quick response My first tests shows that generating a new master token doesn't revoke the older ones, so it might be good !
Don't hesitate to close the issue if you want ☺️
This person confirms that it never expires : https://ethanblake4.medium.com/how-i-stole-the-data-in-millions-of-peoples-google-accounts-aa1b72dcc075
Haha, fair enough!
Hi ! First, thanks for your library and the linked articles (btw, the encryptedpasswd one is dead, you should link this snapshot instead : https://web.archive.org/web/20150814054004/http://codedigging.com/blog/2014-06-09-about-encryptedpasswd/)
I want to include a new feature in my project GHunt that uses the Google Play services and it works perfectly using gpsoauth and the informations I intercepted from the Android App, but I need to make it works with 2FA too since it will be active by default for all the accounts (https://www.theverge.com/2021/5/6/22422778/google-accounts-enabling-two-step-verification-default), to make it a minimum user-friendly
The login flow I currently use in GHunt is : a browser extension dumps all the required cookies, and sends it to GHunt, then we can use it for a very long time, because it has an expiration date of 2 years. So to add the gps oauth with minimal action for the user, I was thinking about sending the user to this link from the extension : https://accounts.google.com/o/android/auth?&source=android&lang=en&langCountry=en_us&xoauth_display_name=Android%20Phone&cc=us&tmpl=new_account
Then we can get the oauth2 token from the cookies, and finally we can get the "master token". But do you know how long does it last ? Is it safe to store it to reuse it for like 1 year ?
Thank you in advance !